Scan report
15/100
polymarket-equity-markets-trader
Trades Polymarket prediction markets on stock index milestones, IPOs, earnings surprises, and company-specific financial events
A legitimate Polymarket trading bot using the simmer-sdk SDK with no malicious behavior detected. The skill safely defaults to paper trading mode and has clear documentation matching implementation.
Can be installed
This skill is safe to use. Verify the simmer-sdk package integrity by checking its PyPI page and consider pinning a specific version for reproducibility.
Security findings: 2
| Severity | Finding | Location |
|---|---|---|
| Low | Third-party SDK dependency (supply chain) | clawhub.json:1 |
| Info | Credential environment variable (sensitive access) | trader.py:68 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | Uses SimmerClient API calls to Polymarket |
| Environment variables | READ | READ | ✓ Consistent | os.environ.get() for configuration only |
| Command execution | NONE | NONE | — | No subprocess or shell execution found |
| File system | NONE | NONE | — | No file read/write operations |
Directory structure
3 files · 28.4 KB · 578 lines
Python 1f · 375L
Markdown 1f · 130L
JSON 1f · 73L
├─ clawhub.json (JSON)
├─ SKILL.md (Markdown)
└─ trader.py (Python)
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| simmer-sdk | * | pip | No | Latest version from PyPI, source not bundled for audit |
Security highlights
✓ Paper trading is the safe default mode - no real trades without explicit --live flag
✓ SKILL.md documentation is comprehensive and accurately describes implementation
✓ No shell execution or subprocess calls detected
✓ No obfuscation techniques (base64, eval, atob) found
✓ No credential harvesting beyond what's needed for the trading API
✓ No hidden functionality or shadow behavior
✓ Explicit cron/autostart: null prevents automatic execution
✓ Code is clean, well-commented, and follows Python best practices